Last week, Germany’s Financial Supervisory Authority (BaFin) unveiled a centralized platform for receiving whistleblower complaints, including anonymous complaints, of alleged violations of supervisory provisions within the financial sector. The move appears to represent a shift in German ideology toward a more favorable view of anonymous reporting, which for many years was discouraged in Germany and more broadly in the EU due to the risk of “organized systems of denouncement.” Under the new program, whistleblowers may submit reports in writing (on paper or electronically), by phone (with or without recording the conversation), or verbally. BaFin’s press release announcing the program states that it will make the anonymity of whistleblowers a “top priority,” and that it will not pass on the identity of whistleblowers to third parties. The program is “aimed at person with a special knowledge of a company’s internal affairs – for example because they are employed there or have some other contractual relationship or relationship of trust with the company.”
BaFin was required to implement this new platform due to an amendment to the German Act on Financial Services Supervision. Notably, the Act only applies to the financial services sector, not including external accountants, tax consultants and attorneys. It provides that employees working in the financial services sector may not be held liable for reporting potential or actual breaches of law under either employment law or criminal law, unless the report was false or grossly negligent.
In addition to BaFin’s own platform, the Act requires covered financial institutions to provide internal procedures for employees to report violations of supervisory rules, including anonymously. However, the Act provides no details as to implementation, Board responsibilities, or the protection of whistleblowers. Therefore, banks and insurers will want to stay abreast of further developments in this area.
Notably, the German Act implements an EU regulation recently adopted, and reporting procedures regarding violations of supervisory rules are currently being harmonized throughout Europe. As a result, financial institutions can expect similar provisions to be enacted in other EU jurisdictions. The German act is also another example of the growing efforts of governments to encourage reporting of wrongdoing to regulators. For example, the Ontario Securities Commission recently enacted regulations patterned after Dodd-Frank which will become effective on July 14 that establish a whistleblower office at OSC which will provide for cash awards to whistleblowers whose reports result in enforcement actions and fines.
In light of these important developments, companies with German operations, particularly in the financial services sector, should review and update their whistleblower policies and procedures to ensure they are in accordance with the new law and with best practices. Companies will want to have robust mechanisms for employees, as well as vendors and other third parties, to report violations of law internally and for those concerns to be promptly and properly investigated. By creating a trusting environment for whistleblowers to report internally, a company can go a long way toward uncovering and remedying violations of law quickly and effectively and without regulatory intervention.